Archive for May, 2010

Typhoid Adware is a software which resembles the healthy carrier of typhoid called Typhoid Mary. This kind of threat works to the full potential on computer networks and specifically on wireless networks. Actually, the internet cafes and other similar public places where the customers can access internet wirelessly without any data encrpytion, are the most convenient places for being infected Adware software. Typhoid Adware comes from another’s person computer and convinces other laptops to communicate with it and not the legitimate access point. Then the Typhoid adware automatically inserts advertisements in videos and web pages on the other computers.

John Aycock who co-authored a paper with assistant professor Mea Wang and students Daniel Medeiros Nunes de Castro and Eric Lin have come up with solutions which support computers with security defences against threats of various Adwares like the Typhoid Adware.

In that paper the researchers demonstrated the technique to continuously spy on BitTorrent users for 103 days. They collected 148 million IP addresses and identified 2 billion copies of downloads, many of them copyrighted.

From this research most important is that identified the IP addresses where much of the content originated. This means that the individuals that creating the torrent files are few. Therefore, the question is why the anti-piracy groups try to stop millions of downloaders instead of a few content providers.

Across the web, its common for advertisers like Google Inc.’s DoubleClick and Yahoo Inc.’s Right Media, to receive the address of the page from which a user clicked on an advertisement. They receive nothing more than an incomprehensible string of letters and numbers that can’t be used to retrieve users’ information.

However, with social networking sites, those addresses include data which advertisers can use to look up individual profiles and discover users’ personal information and interests, contrary to their privacy policy and their promises they don’t share such information without consent.

After Wall Street Journal’s questions, Facebook and MySpace moved to make changes to stop the handover.

“If you are looking at your profile page and you click on an advertisement, you are telling that advertiser who you are”, an assistant professor at Harvard Business School said.

See the graphic about Internet sites that share information that could be tied to individual profiles.

A vulnerability has been discovered in 64-bit Windows 7 , in graphics display component that could be exploited to crash the system or potentially take control of the computer by running code remotely.The vulnerability is in the Canonical Display Driver (cdd.dll) which could allow code execution(Microsoft isn’t aware of this ,cause vulnerable code execution is unlikely due to memory randomization) caused due to an error while drawing in kernel space by using the cdd.dll . This can be exploited to dereference invalid memory in a write operation and corrupt kernel memory.When the Windows Aero theme is installed, does not perform the expected data parsing after user-mode data is copied to kernel mode, which allows context-dependent attackers to cause a denial of service or possibly execute arbitrary code via a crafted image file.

The Mozilla Firefox development team has recently came with the idea of warning Firefox users about outdated, insecure or buggy plug-in. It was first implemented for Adobe flash plug in. It was created as a What’s New page and integrated in recent Firefox updates.

The scripts on the page check for installed plugins and compare the version of the installed plugin with the latest version that is offered officially by the developer of the plugin. Some supported plug-ins (among others) are Apple Quicktime, Shockwave Flash, Adobe Acrobat, Java, RealPlayer and Windows Media Player plugins. Furthermore the Mozila Firefox development team now extends the page to support all the popular browsers.

The XSS filter that was the developed from Microsoft and added to the last IE version to prevent XSS attacks can be used for the very exact opposite reason! The cross-site scripting (XSS) filter can be abused by attackers to launch cross-site scripting attacks (XSS) on websites and web pages that would otherwise be immune to this threat.

The IE8 filter works by scanning outbound requests for strings that may be malicious. When such a string is detected, IE8 will dynamically generate a regular expression matching the outbound string. The browser then looks for the same pattern in responses from the server. If a match is made anywhere in the server’s response, the browser assumes that a reflected XSS attack is being conducted and the browser will automatically alter the response so that the XSS attack will be unsuccessful.

A high critical zero day vulnerability for Apple’s web browser, Safari, was discovered by Krystian Kloskowski and Vin Lisciandro and published last week by Secunia.

The security issue affects current version of Safari (v. 4.0.5) for Microsoft Windows (confirmed) and probably for Mac. Earlier versions of Safari might also be vulnerable. Successful exploitation of the issue leads to remote code execution or exposure of victim’s private data. Secunia has released advisory SA39670, which explains that the flaw exists because of ‘a use-after-free error when handling pop-up boxes created from a child window’ which can result in a function call using an invalid pointer. It is also stated that it ‘can be exploited to execute arbitrary code when a user visits a specially crafted web page’. Another issue mentioned is that Safari includes HTTP basic authentication credentials in an HTTP request if a web page that requires HTTP basic authentication redirects to a different domain (e.g. via a “Location” header).

Google announced 3 days ago it had accidentally picked up on Wi-Fi data while taking photos for Google Maps’ Street View feature.

It used the cars to capture videos through the panoramic cameras and on the move it caught the SSIDs and MAC addresses that identified networks and devices. It didn’t know that as it was taking pictures, the camera system collected ‘useful’ data from Local WiFi Networks. This information which are collected are used to improve the location based services.

According to the security firm Bkis, this worm has delevoped a more efficient way of persuading people follow the steps that lead to the trap and achieving its goals. The main means of spreading are Yahoo Instant Messanger and Skype, so the first indirect contact with the malware is done via a message that is selected from a various set of messages which is followed by a link.

A recent critical vulnerability has been identified in Windows Outlook Express, Windows Mail and Windows Live Mail. This security issue can allow remote code execution if the users visits a malicious e-mail server. The attacker can gain the same privileges of the computer as the user has.The security update addresses the vulnerability by correctly validating e-mail server responses.Patches have been released.